allow bearer and other types of authorization in default handler
This commit is contained in:
parent
df8de9e0c8
commit
5df2577e71
@ -37,8 +37,12 @@ class AuthRequest {
|
||||
public is_basic: boolean;
|
||||
public user: string;
|
||||
public password: string;
|
||||
|
||||
public is_bearer: boolean;
|
||||
public token?: string;
|
||||
public token_data?: unknown;
|
||||
public token_id?: string;
|
||||
|
||||
public body: string;
|
||||
|
||||
private _cookie_name?: string;
|
||||
@ -53,6 +57,7 @@ class AuthRequest {
|
||||
this.response = res;
|
||||
this.body = body;
|
||||
this.is_basic = false;
|
||||
this.is_bearer = false;
|
||||
this.user = '';
|
||||
this.password = '';
|
||||
this._cookie_name = cookie;
|
||||
@ -180,7 +185,7 @@ export default function create_auth_handler (
|
||||
.exec (req.headers.authorization as string);
|
||||
|
||||
if (token === null) {
|
||||
request.deny ();
|
||||
request.invalid ('missing authorization header');
|
||||
return Promise.resolve ();
|
||||
}
|
||||
|
||||
@ -197,37 +202,42 @@ export default function create_auth_handler (
|
||||
return default_handler (request);
|
||||
}
|
||||
|
||||
const token_data = auth.verify (token?.groups?.token as string);
|
||||
if ((/Bearer/ui).test (token?.groups?.type as string)) {
|
||||
request.is_bearer = true;
|
||||
request.token = token?.groups?.token;
|
||||
|
||||
if (!token_data.valid) {
|
||||
request.deny ();
|
||||
const token_data = auth.verify (request.token as string);
|
||||
|
||||
if (!token_data.valid)
|
||||
return default_handler (request);
|
||||
|
||||
request.token_data = token_data.data;
|
||||
request.token_id = token_data.id;
|
||||
|
||||
if (
|
||||
typeof options !== 'undefined'
|
||||
&& typeof options.refresh !== 'undefined'
|
||||
&& token_data.type === 'refresh_token'
|
||||
) {
|
||||
request.allow_access (options.refresh);
|
||||
return Promise.resolve ();
|
||||
}
|
||||
|
||||
if (
|
||||
typeof options !== 'undefined'
|
||||
&& typeof options.modules !== 'undefined'
|
||||
&& token_data.type === 'part_token'
|
||||
&& typeof token_data.next_module !== 'undefined'
|
||||
&& Object.keys (options.modules)
|
||||
.includes (token_data.next_module)
|
||||
)
|
||||
return options.modules[token_data.next_module] (request);
|
||||
|
||||
request.invalid ('invalid bearer type');
|
||||
return Promise.resolve ();
|
||||
}
|
||||
|
||||
request.token_data = token_data.data;
|
||||
request.token_id = token_data.id;
|
||||
|
||||
if (
|
||||
typeof options !== 'undefined'
|
||||
&& typeof options.refresh !== 'undefined'
|
||||
&& token_data.type === 'refresh_token'
|
||||
) {
|
||||
request.allow_access (options.refresh);
|
||||
return Promise.resolve ();
|
||||
}
|
||||
|
||||
if (
|
||||
typeof options !== 'undefined'
|
||||
&& typeof options.modules !== 'undefined'
|
||||
&& token_data.type === 'part_token'
|
||||
&& typeof token_data.next_module !== 'undefined'
|
||||
&& Object.keys (options.modules)
|
||||
.includes (token_data.next_module)
|
||||
)
|
||||
return options.modules[token_data.next_module] (request);
|
||||
|
||||
request.invalid ('invalid bearer type');
|
||||
return Promise.resolve ();
|
||||
return default_handler (request);
|
||||
};
|
||||
}
|
||||
|
||||
|
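Review bot: A bearer token that fails `auth.verify` now reaches `default_handler (request)` with `is_bearer` set but `token_data` and `token_id` left undefined, and the `request.deny ()` the previous branch performed is gone, so a default handler that only inspects `user`/`password` and does not explicitly check `is_bearer` (as the test handler does) could grant access on an unverified token. Consider keeping the deny before delegating, `if (!token_data.valid) { request.deny (); return default_handler (request); }`, assuming `deny ()` still blocks a later `allow_access` (its implementation is not in the hunk), and add a comment on `AuthRequest.token_data` stating that `is_bearer` with `token_data === undefined` means verification failed. The scheme check `(/Bearer/ui).test (...)` is unanchored, so any type containing that substring matches; `/^Bearer$/ui` is the intended test if the header regex near the top of the function captures the scheme name alone, which is outside the hunk and should be confirmed. The enclosing `create_auth_handler` starts outside the hunk.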
@ -49,8 +49,11 @@ describe ('auth handler', () => {
|
||||
let server: http.Server|null = null;
|
||||
beforeAll (() => {
|
||||
const ah = create_auth_handler ((req) => {
|
||||
if (!req.is_basic) {
|
||||
req.invalid ('unknown autorization type');
|
||||
if (!req.is_basic && !req.is_bearer) {
|
||||
req.invalid ('unknown authorization type');
|
||||
}
|
||||
else if (req.is_bearer) {
|
||||
req.deny ();
|
||||
}
|
||||
else if (req.user === 'foo' && req.password === 'bar') {
|
||||
req.allow_access ({
|
||||
@ -170,10 +173,13 @@ describe ('auth handler', () => {
|
||||
it ('should reject invalid requests', async () => {
|
||||
const resp1 = await get ();
|
||||
expect (resp1.statusCode)
|
||||
.toEqual (401);
|
||||
.toEqual (400);
|
||||
const res1 = check_headers (resp1);
|
||||
expect (res1.data)
|
||||
.toEqual ({ error: 'invalid_client' });
|
||||
.toEqual ({
|
||||
error: 'invalid_request',
|
||||
error_description: 'missing authorization header'
|
||||
});
|
||||
|
||||
const resp2a = await get ({ authorization: 'Basic foo:bar' });
|
||||
const res2a = check_headers (resp2a);
|
||||
@ -237,6 +243,17 @@ describe ('auth handler', () => {
|
||||
expect (res2.rt).not.toEqual (res1.rt);
|
||||
});
|
||||
|
||||
it ('should handle any authorization type', async () => {
|
||||
const resp = await get ({ authorization: 'Foo asdefg' });
|
||||
expect (resp.statusCode)
|
||||
.toEqual (400);
|
||||
expect (JSON.parse (resp.body as string))
|
||||
.toEqual ({
|
||||
error: 'invalid_request',
|
||||
error_description: 'unknown authorization type'
|
||||
});
|
||||
});
|
||||
|
||||
afterAll (() => {
|
||||
if (server === null)
|
||||
throw new Error ('server is null');
|
||||
|
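Review bot: The new `should handle any authorization type` case covers an unknown scheme, but no visible case sends an unverifiable bearer token, e.g. `get ({ authorization: 'Bearer not-a-token' })`, which is the path that now falls through to the default handler and depends on the `else if (req.is_bearer) { req.deny (); }` branch added at the top of this file. Asserting that such a request is rejected would pin the new fail-closed behaviour; a case outside these hunks may already do so. The `describe` block starts and ends outside the hunks.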